Bilingual Subtitles (双语字幕)

Security checks across malware telemetry and agentic risk

Overview

The skill does what it says, but it can overwrite original MKV files by default, including in batch mode, without a script-enforced confirmation or backup.

Review before installing. Use --dry-run first, pass --output to write to a separate file or directory, and keep backups of MKV files. The behavior is not malicious, but the default overwrite path can permanently replace original media if the merge is wrong or batch processing targets more files than intended.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Medium (95% confidence)
Finding
The CLI help says the default is a separate output file, but the implementation actually overwrites the source MKV in place when no --output is provided. That mismatch can cause irreversible loss of the original file and makes destructive behavior more likely in normal use, especially for batch processing of user media.

Vague Triggers

Medium (81% confidence)
Finding
The trigger phrases are broad enough to match general subtitle-editing requests that may not imply MKV extraction, shelling out to MKVToolNix, or overwriting media files. This can cause unintended activation of a skill with stronger capabilities than the user expected, increasing the chance of accidental file modification or unsafe command execution in adjacent contexts.

Missing User Warnings

Medium (97% confidence)
Finding
The skill performs in-place replacement of the source MKV by default, but that destructive behavior is not made prominent in the main usage path. Users may reasonably run the example commands expecting a non-destructive output, leading to unintended overwrites, data loss, or corruption if processing fails or produces incorrect merged subtitles.

Missing User Warnings

Medium (97% confidence)
Finding
The script replaces the original MKV via os.replace() without requiring explicit opt-in, backup creation, or confirmation. In a file-manipulation skill, silent in-place replacement is especially dangerous because malformed merges, tool bugs, or user misunderstanding can destroy original media at scale during batch runs.

VirusTotal

58/58 vendors flagged this skill as clean.
